When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.

However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to which I'm handing the device. I would like to brainstorm ways of keeping such things private.

Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways and this Brainstorm idea isn't about that. This idea is about very short term (a few minutes probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover preventation of casual or accidental snooping of private stuff.

When I get my Maemo 5 device, I imagine I will want to show it off to other people, and let other people try it out for themselves, as it looks like it will be very 'touchable' and nice and easy to use. I would like to do this because of being proud of the device, and this also might encourage other people to get one.

However, there may be some content on the device (pictures, to-do items, documents, emails, etc.) that I would rather not show to the person to which I'm handing the device. I would like to brainstorm ways of keeping such things private.

Note that I realise that if someone was determined and had long enough, they could bypass security in any number of ways and this Brainstorm idea isn't about that. This idea is about very short term (a few minutes probably) lending of the device to guests, where I will usually be present beside them, and is only designed to cover preventation of casual or accidental snooping of private stuff.

Use one of the free Norton Ghost clones for Linux. They're open source, but I don't know if they work on ARM because some are used on Live CDs. There is also 'cloning' which is popular on Nokia N800. I think something similar should be possible on N900 by using MicroSD card.

It'd work like this: one would make an image, give it loan, let them fiddle and play with it. After loan, rewrite image back and nothing has changed. Not even any of owner's settings as it is a 1:1 copy. After this, one can re-loan the device again, or continue to use it themselves.

Alternatively, it could boot from the MicroSD card instead of rewriting the image from MicroSD to flash. Then, it would not touch flash. The other way around takes more work to restore but image on MicroSD you can keep with you; flash not so, so they could access the flash (by mistake or intended). You could also make several images, put them on MicroSD, and have these several images booted depending on user who its loaned out. Saves rewriting images whole time.

All this only works if you trust those you loan the device to though for theoretically speaking once someone has physical access to your hardware they could compromise it for example by installing a bug, cold boot vector, copying your SD card, ...

__________________Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!

Put all your to-be-protected data in a folder and password-protect it. An app like Toucan should do it well. But I don't know if this app is available for N900!!

I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !

I would think something like a protected folder would have to be viewed in an Explorer type window that asks for a password to access. when viewing, icons clicked etc to open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.

Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.

I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !

I would think something like a protected folder would have to be viewed in an Explorer type window that asks for a password to access. when viewing, icons clicked etc to open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.

Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.

Can I borrow your device

Ok jokes apart, I see your point.
It should not only protect the folder but the files in it. I guess, it might be possible to achieve this.

For ex, lets take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc. To avoid protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other what the photo viewer app would understand (say, xyz). And the protector app will remember all these temporary mappings.

Thanks for the comments so far. Please remember to vote for solutions at http://maemo.org/community/brainstor...oaning_device/ and add new solutions for password-protecting certain files or folders, and for ghosting (although the use case described in the Brainstorm idea was really for short term lending of the device, e.g. while in a pub, so ghosting would be a bit tricky and possibly overkill!). If you don't want to add them yourself, I can do it, but I believe you get maemo.org karma if you add them yourself.

That's a good question: I make a point of never carrying sensitive data on a mobile device (I work for the NHS, so data protection is a bit of an issue). It will mean entering passwords for things like groupwise every time I open it, but that's ok. My diary never carries full names or addresses on principle.

I like this idea. After all you don't want others seeing pics of you or your girlfriend in compromising positions etc !

I would think something like a protected folder would have to be viewed in an Explorer type window that asks for a password to access. when viewing, icons clicked etc to open in the default associated programs. There's no point having pictures appear up in the photo viewer with a description saying "wife naked" and a locked icon, as that will still cause inquiring minds.

Or perhaps, when the picture/video/music/etc is opened from the protected folder, it shows only the protected files available in the player, or perhaps *all* of the files on the device are accessible.

However, the above has the very vector I already asserted: if someone has physical access to your device they can tamper with it. In your example, even on software layer. What may only be required is root access. If there is an encrypted image they may be interested in it precisely for the very reason it is encrypted. If you use a specific directory instead of whole homedir (or whole disk encryption) there will also be metadata such as .bash_history, locate.updatedb, and cached thumbnails which must be taken into account. The solutions are simple: either do not host such data on your device, do not lend your device if it contains such data, or keep in mind metadata leaking and make sure does not happen. Good luck with the last option, for many won't understand or be able to do that, and it does not take into account 3rd party applications.

BTW, Nokia's DRM framework on Maemo 6 may be interesting for this purpose although you don't have your own private key so it would not stop Nokia or those who are able to force Nokia (ie., The Law) accessing the data.

__________________Goosfraba! All text written by allnameswereout is public domain unless stated otherwise. Thank you for sharing your output!

Ok jokes apart, I see your point.
It should not only protect the folder but the files in it. I guess, it might be possible to achieve this.

For ex, lets take a simple photo viewer app!
Assuming the photo viewer app only views files ending with an extension jpg/jpeg/bmp/png/raw/etc. To avoid protected data from being viewable in the photo viewer app, the extensions of those picture files in the to-be-protected folder can be changed to something other what the photo viewer app would understand (say, xyz). And the protector app will remember all these temporary mappings.

This app can be protected from being run by a password.

Good idea! A simple solution - for my own use - would be to change the extension as you say, as long as there is a "right-click" way to "open with" a program without creating a permanent association. That would at least keep away the photos, videos, documents, music etc that you woulnd't want someone to see when you are demonstrating the capabilities of the n900 to friends and work colleagues.